Overview

Report tabs, with the score badge (out of 10) shown next to each:

Tab                   Platform             Score
Overview                                   7
Static                                     3
ab4ce4283b...18.exe   windows7-x64         7
ab4ce4283b...18.exe   windows10-2004-x64   7
$PLUGINSDI...ns.dll   windows7-x64         3
$PLUGINSDI...ns.dll   windows10-2004-x64   3
$PLUGINSDI...nu.dll   windows7-x64         3
$PLUGINSDI...nu.dll   windows10-2004-x64   3
$PLUGINSDI...em.dll   windows7-x64         3
$PLUGINSDI...em.dll   windows10-2004-x64   3
SpyFalcon.exe         windows7-x64         7
SpyFalcon.exe         windows10-2004-x64   7
msvcp71.dll           windows7-x64         3
msvcp71.dll           windows10-2004-x64   3
msvcr71.dll           windows7-x64         3
msvcr71.dll           windows10-2004-x64   3
uninst.exe            windows7-x64         7
uninst.exe            windows10-2004-x64   7
$PLUGINSDI...LL.dll   windows7-x64         3
$PLUGINSDI...LL.dll   windows10-2004-x64   3
General

Target:     ab4ce4283b57b4f2ef0ceb3d733af766_JaffaCakes118
Size:       2.8MB
Sample ID:  240819-rak58a1erq
MD5:        ab4ce4283b57b4f2ef0ceb3d733af766
SHA1:       2690ebf503345a00c602fd44047af3d515444755
SHA256:     1a1636b5c9f7d8026ef4c41c7f1af957a7746370e962c4599a216e2b93c99db3
SHA512:     a4dda505f83fa1e441d21dcc523b85e4af438d3d9fa3b47f4909cf067b7efe0535d3ef46a3fe697d3f4567232ef554dcd0889582f707ac8928048d5ae953aa14
SSDEEP:     49152:R9nF6xj1T/jb6wB7GCIIK8/8l9C3gNxnrApBpc4qM/bZ+YAuewvEZjwtKrIL2u11:R9Qd1T/XBKCIIK8/w0gDA5c43/t+Y5nL
Tasks

Static task:  static1

Behavioral task   Sample                                               Resource
behavioral1       ab4ce4283b57b4f2ef0ceb3d733af766_JaffaCakes118.exe   win7-20240708-en
behavioral2       ab4ce4283b57b4f2ef0ceb3d733af766_JaffaCakes118.exe   win10v2004-20240802-en
behavioral3       $PLUGINSDIR/InstallOptions.dll                       win7-20240708-en
behavioral4       $PLUGINSDIR/InstallOptions.dll                       win10v2004-20240802-en
behavioral5       $PLUGINSDIR/StartMenu.dll                            win7-20240704-en
behavioral6       $PLUGINSDIR/StartMenu.dll                            win10v2004-20240802-en
behavioral7       $PLUGINSDIR/System.dll                               win7-20240729-en
behavioral8       $PLUGINSDIR/System.dll                               win10v2004-20240802-en
behavioral9       SpyFalcon.exe                                        win7-20240708-en
behavioral10      SpyFalcon.exe                                        win10v2004-20240802-en
behavioral11      msvcp71.dll                                          win7-20240705-en
behavioral12      msvcp71.dll                                          win10v2004-20240802-en
behavioral13      msvcr71.dll                                          win7-20240704-en
behavioral14      msvcr71.dll                                          win10v2004-20240802-en
behavioral15      uninst.exe                                           win7-20240704-en
behavioral16      uninst.exe                                           win10v2004-20240802-en
behavioral17      $PLUGINSDIR/LangDLL.dll                              win7-20240704-en
behavioral18      $PLUGINSDIR/LangDLL.dll                              win10v2004-20240802-en
Malware Config: none listed.

Targets

Note: the $PLUGINSDIR/*.dll files (InstallOptions, StartMenu, System, LangDLL) and uninst.exe are standard NSIS installer components, so the analysed sample is an NSIS-built installer whose payload includes SpyFalcon.exe and the msvcp71/msvcr71 runtime DLLs. The per-target scores below are the maximum over the two platform runs.
Target:   ab4ce4283b57b4f2ef0ceb3d733af766_JaffaCakes118
Size:     2.8MB
MD5:      ab4ce4283b57b4f2ef0ceb3d733af766
SHA1:     2690ebf503345a00c602fd44047af3d515444755
SHA256:   1a1636b5c9f7d8026ef4c41c7f1af957a7746370e962c4599a216e2b93c99db3
SHA512:   a4dda505f83fa1e441d21dcc523b85e4af438d3d9fa3b47f4909cf067b7efe0535d3ef46a3fe697d3f4567232ef554dcd0889582f707ac8928048d5ae953aa14
SSDEEP:   49152:R9nF6xj1T/jb6wB7GCIIK8/8l9C3gNxnrApBpc4qM/bZ+YAuewvEZjwtKrIL2u11:R9Qd1T/XBKCIIK8/w0gDA5c43/t+Y5nL
Score:    7/10
Signatures:
  - Loads dropped DLL

Target:   $PLUGINSDIR/InstallOptions.dll
Size:     12KB
MD5:      1d5c649dde35003a618b9679d5d71b92
SHA1:     0409bbab3ab34f8c01289cdd847b4d1a32d05b18
SHA256:   0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f
SHA512:   b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9
SSDEEP:   384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI
Score:    3/10
Signatures: none listed

Target:   $PLUGINSDIR/StartMenu.dll
Size:     6KB
MD5:      5aae8598d8b53bcec81d8e8c8a6732f9
SHA1:     d071fcc74a107c7d7bc5a493d305b00976b07464
SHA256:   be3f03c07be54354b8a9a30a8c0ac384f43c245c9b95ed1025549c76642f3fb4
SHA512:   d20af152b9d1903cd9cd0ff584f14f95ee69cd7149c9ef9369257d08659d1a7ab5860055b39ebd0ead67cfc31da2571175623a5676116ce999acea2b7a643c1d
SSDEEP:   96:VLJdRZk8OkmE+WHw0FMXF6CWhFxKpKsBQhEfP0:VLjPk8OT30FFAmCP0
Score:    3/10
Signatures: none listed

Target:   $PLUGINSDIR/System.dll
Size:     10KB
MD5:      4eff5fafd746f5decb93a44e3a3d570c
SHA1:     a11aa7681b7e2df1c7f7492a127d332d1495ea8a
SHA256:   cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5
SHA512:   cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72
SSDEEP:   192:0OycJo/rJVCmIDNLU0dq5RD00lspbub76yL:6/QQ0d0RD0USq/6y
Score:    3/10
Signatures: none listed

Target:   SpyFalcon.exe
Size:     1.7MB
MD5:      efc3899410403e713bf3c78a27257a9b
SHA1:     041f7d356243a91f5413c9fad2ce892c07664b7f
SHA256:   ba8f2bd07232667d168f07c39d79f2ce2681dce65ff1e6df8a9b33477ca6cae2
SHA512:   4e4aa36c70cec801cfb4996481fcfa24c7e021212d9e771fb4c655918d3a650d39217a20e7bdec74b7422136a4f74d42eab66152bcf69da17bbe36cbc45fa4ca
SSDEEP:   24576:pZlJVQgy+nI9oQ0WaB63j/I/OfyptviekjjW7cqstIWET5TbqWg/Pf+:pJDs0Wk2fyptvieO4Yt2Thql/3+
Score:    7/10
Signatures:
  - Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
  - Suspicious use of SetThreadContext
    SetThreadContext rewrites another thread's register state; outside debuggers it is most commonly seen in thread-hijacking and process-hollowing injection, where a suspended process's entry point is redirected to attacker-written code.

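The BIOS-registry check flagged for SpyFalcon.exe is the classic anti-sandbox probe: read the firmware strings Windows exposes under HKLM\HARDWARE\DESCRIPTION\System\BIOS (and the parent System key) and bail out if they name a hypervisor. The Python below is an added example, not code from the sample or from the sandbox vendor. It applies that heuristic to constructed registry dumps (the "VirtualBox defaults" and "hardened VM" values are made up for the example, and the marker list is an assumption about what such checks look for), and on a Windows host it reads the real values through winreg so an analyst can see exactly what the sample would see on a given analysis image.

```python
"""Emulate a BIOS-registry sandbox check and exercise it on constructed data.
Added example; not the sample's code. The registry key and value names are
real Windows locations; the marker list and the sample dumps are assumptions."""
from __future__ import annotations

import re

# Where Windows exposes the SMBIOS strings that hypervisors tend to leak.
BIOS_KEY = r"HARDWARE\DESCRIPTION\System\BIOS"
SYSTEM_KEY = r"HARDWARE\DESCRIPTION\System"
BIOS_VALUES = ("SystemManufacturer", "SystemProductName", "SystemFamily",
               "BIOSVendor", "BIOSVersion", "BaseBoardManufacturer")
SYSTEM_VALUES = ("SystemBiosVersion", "VideoBiosVersion")   # REG_MULTI_SZ

# Vendor strings commonly used to recognise a VM (assumed list, not the sample's).
VM_MARKERS = re.compile(
    r"vmware|virtualbox|vbox|innotek|qemu|bochs|\bxen\b|parallels|kvm|"
    r"virtual machine|hyper-v",
    re.IGNORECASE,
)


def _as_text(value) -> str:
    """REG_MULTI_SZ values arrive as lists; flatten them for matching."""
    if isinstance(value, (list, tuple)):
        return " ".join(str(v) for v in value)
    return str(value)


def vm_indicators(values: dict) -> list[str]:
    """Return 'ValueName=matched marker' for every value that names a hypervisor."""
    hits = []
    for name, raw in values.items():
        match = VM_MARKERS.search(_as_text(raw))
        if match:
            hits.append(f"{name}={match.group(0)}")
    return hits


def looks_like_sandbox(values: dict) -> bool:
    """The decision a sample makes: any marker present -> assume an analysis VM."""
    return bool(vm_indicators(values))


def read_bios_values() -> dict:
    """Read the live values on Windows; return {} elsewhere (no winreg module)."""
    try:
        import winreg
    except ImportError:
        return {}
    out = {}
    for key, names in ((BIOS_KEY, BIOS_VALUES), (SYSTEM_KEY, SYSTEM_VALUES)):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as handle:
                for name in names:
                    try:
                        out[name] = winreg.QueryValueEx(handle, name)[0]
                    except OSError:
                        pass          # value absent on this Windows build
        except OSError:
            pass                      # key absent (unusual)
    return out


# Constructed dumps: NOT captured from the sandbox runs in this report.
VBOX_DEFAULTS = {
    "SystemManufacturer": "innotek GmbH",
    "SystemProductName": "VirtualBox",
    "BIOSVendor": "innotek GmbH",
    "BIOSVersion": "VirtualBox",
    "VideoBiosVersion": ["Oracle VM VirtualBox Version 6.1.0 VBE BIOS"],
}
HARDENED_VM = {
    "SystemManufacturer": "Dell Inc.",
    "SystemProductName": "OptiPlex 7090",
    "BIOSVendor": "Dell Inc.",
    "BIOSVersion": "1.14.3",
    "SystemBiosVersion": ["DELL   - 1072009", "1.14.3"],
}

if __name__ == "__main__":
    for label, dump in (("live host", read_bios_values()),
                        ("VirtualBox defaults", VBOX_DEFAULTS),
                        ("hardened VM", HARDENED_VM)):
        if not dump:
            print(f"{label}: no registry data (not running on Windows)")
            continue
        verdict = "SANDBOX" if looks_like_sandbox(dump) else "looks physical"
        print(f"{label}: {verdict} {vm_indicators(dump)}")
```

Run it on the analysis VM that produced a 7/10 verdict and compare with the hardened dump: if the live values trip the heuristic, the sample may have been detonated while evading, and the report's behaviour for SpyFalcon.exe should be treated as incomplete rather than as its full capability.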
Target:   msvcp71.dll
Size:     488KB
MD5:      561fa2abb31dfa8fab762145f81667c2
SHA1:     c8ccb04eedac821a13fae314a2435192860c72b8
SHA256:   df96156f6a548fd6fe5672918de5ae4509d3c810a57bffd2a91de45a3ed5b23b
SHA512:   7d960aa8e3cce22d63a6723d7f00c195de7de83b877eca126e339e2d8cc9859e813e05c5c0a5671a75bb717243e9295fd13e5e17d8c6660eb59f5baee63a7c43
SSDEEP:   12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
Score:    3/10
Signatures: none listed

Target:   msvcr71.dll
Size:     340KB
MD5:      86f1895ae8c5e8b17d99ece768a70732
SHA1:     d5502a1d00787d68f548ddeebbde1eca5e2b38ca
SHA256:   8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe
SHA512:   3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da
SSDEEP:   6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
Score:    3/10
Signatures: none listed

Target:   uninst.exe
Size:     40KB
MD5:      ad651966f1792c370887a6fe5c10e730
SHA1:     9cdc8e57675b97b29fbb1496dbc325ca10a17562
SHA256:   039d7061fdae17ad7f6ec882b3b7831f8baba1a8f179f4e023922fa0f4758e1b
SHA512:   a7064640f660249fe5fa50768cf9f11e8ceb8b3ac27b49d68dfcb15e2e2c296596aa3221af382dde88fc45efc8504ca7fe94ac5f9211cb1181eb1aec2fedc3a1
SSDEEP:   768:LMEFP4CyxRyQR4Dk1b+/JwwXVPYwitff/ff6FS6sekJhCEy8HSVm8sXwBtr:FPJc2WCMNv0kJe8HSVm8Gur
Score:    7/10
Signatures:
  - Executes dropped EXE
  - Loads dropped DLL

Target:   $PLUGINSDIR/LangDLL.dll
Size:     5KB
MD5:      462dc0d8abebaa425c7808e696ad5a4d
SHA1:     db041b23fa77e1658d6c113fa73f4692a9168979
SHA256:   faf49e3e51562992570a1b468b18bd6c2c0f9fc2904e3136ca7aaf2a12ad9ac0
SHA512:   d1b77873251fa438f8fbebcd94820ba18c236d7f2ac4be85ae503fe6cac90544f889ef4facbca6f8b09c99c7f610a2d0a8aaa88505fce6df1f9b7d8b5eba3f83
SSDEEP:   48:SHHPtcWCeM7etAo1UurdGl4A0h2TpXHWFv+wewzpv1XP3GhaEJ0of2ynh1:q1cWxfzrrh2cFvWwFtSj
Score:    3/10
Signatures: none listed
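Before relying on any verdict in this report, confirm that the file in hand is the same bytes the sandbox analysed and, after unpacking the installer, that each dropped component matches its per-target hash. The script below is an added example, not part of the report or of any vendor tooling: the SHA-256 constants are copied from the Targets section above, while the function names, the directory-scan helper and the `b"abc"` bytes used in the usage section are this example's own. SSDEEP is left out because it needs a third-party binding; the four standard digests are enough to establish identity.

```python
"""Verify local artefacts against the hashes in the sandbox report.
Added example; only the SHA-256 constants come from the report."""
from __future__ import annotations

import hashlib
import sys
from pathlib import Path

# SHA-256 of every target in the report, keyed by the name the report uses.
REPORT_SHA256 = {
    "ab4ce4283b57b4f2ef0ceb3d733af766_JaffaCakes118":
        "1a1636b5c9f7d8026ef4c41c7f1af957a7746370e962c4599a216e2b93c99db3",
    "$PLUGINSDIR/InstallOptions.dll":
        "0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f",
    "$PLUGINSDIR/StartMenu.dll":
        "be3f03c07be54354b8a9a30a8c0ac384f43c245c9b95ed1025549c76642f3fb4",
    "$PLUGINSDIR/System.dll":
        "cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5",
    "SpyFalcon.exe":
        "ba8f2bd07232667d168f07c39d79f2ce2681dce65ff1e6df8a9b33477ca6cae2",
    "msvcp71.dll":
        "df96156f6a548fd6fe5672918de5ae4509d3c810a57bffd2a91de45a3ed5b23b",
    "msvcr71.dll":
        "8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe",
    "uninst.exe":
        "039d7061fdae17ad7f6ec882b3b7831f8baba1a8f179f4e023922fa0f4758e1b",
    "$PLUGINSDIR/LangDLL.dll":
        "faf49e3e51562992570a1b468b18bd6c2c0f9fc2904e3136ca7aaf2a12ad9ac0",
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict[str, str]:
    """All four report digests (lower-case hex) for a byte string."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def verify(data: bytes, expected: dict[str, str]) -> list[str]:
    """Names of algorithms whose digest differs from `expected` (hex,
    case-insensitive). Algorithms missing from `expected` are skipped, so an
    empty list means every digest that was supplied matched."""
    got = digests(data)
    return [algo for algo in ALGOS
            if algo in expected and got[algo] != expected[algo].strip().lower()]


def identify(data: bytes) -> str | None:
    """Map bytes to a report target via SHA-256, or None if not in the report."""
    sha = hashlib.sha256(data).hexdigest()
    for name, known in REPORT_SHA256.items():
        if known == sha:
            return name
    return None


def scan_tree(root: Path) -> dict[str, str | None]:
    """Hash every regular file below `root` (for instance an extracted
    installer directory) and map each path to the report target it matches."""
    return {str(p): identify(p.read_bytes())
            for p in sorted(root.rglob("*")) if p.is_file()}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = Path(sys.argv[1])
        results = (scan_tree(target) if target.is_dir()
                   else {str(target): identify(target.read_bytes())})
        for path, name in results.items():
            print(f"{path}: {name or 'not in report'}")
    else:
        # Constructed input for the demo: b"abc" is not one of the report's files.
        sample = b"abc"
        print(digests(sample))
        print("identified as:", identify(sample))
        print("mismatches against the known MD5 of 'abc':",
              verify(sample, {"md5": "900150983cd24fb0d6963f7d28e17f72"}))
```

Point it at the sample itself to confirm the General-section hashes, or at a directory produced by unpacking the installer to confirm that the dropped DLLs and SpyFalcon.exe are the exact artefacts the behavioral tasks ran; any file that comes back as "not in report" was not analysed here and needs its own detonation.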